By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Industry analysts claimed that Cisco will include an SSL VPN (virtual private network), called "WebVPN", with existing IPsec (IP Security Protocol) VPN features at no extra cost. Cisco did not respond to requests for comment.

SSL VPNs are an increasingly popular technology for providing remote users with access to network resources such as e-mail, software applications and network file servers, according to Dave Kosiur, a senior analyst at The Burton Group.

As opposed to VPNs that use IPsec, SSL VPNs are typically "clientless", meaning that they do not require a separate software application to be installed on the remote user's machine.

They also rely on the SSL protocol, which is a part of most common web servers and web browsers and widely used to secure e-commerce transactions, Kosiur said.

Companies using SSL VPN pass connections through port 443, to which most firewalls automatically allow traffic. In contrast, IPsec requires multiple ports to be opened on firewalls to handle different elements of the IPsec VPN exchange such as message authentication headers and IKE (Internet Key Exchange) traffic, he said.

Because they use clients, IPsec VPNs can be more difficult to manage for large numbers of users. Business travellers who rely on IPsec VPNs often find that internet providers such as hotels have not modified their firewalls to allow IPsec connections, denying them VPN access to their company network from the road, Kosiur said.

IPsec suppliers have made progress in resolving such integration problems, but left a window open that SSL VPN vendors have used to grab market share, Kosiur said.

The 3000 Concentrator will support a limited thin client mode, in which a Java web browser plug-in can be downloaded and used to handle operations such as port forwarding for static communications ports, according to Kosiur, who was briefed on the new features by Cisco.

The latest SSL VPN features will take advantage of existing VPN 3000 IPsec capabilities such as load-balancing and high availability features, according to information obtained.

The product will not, initially, support products which do more sophisticated port switching, such as Citrix Systems' terminal emulation products or IBM's Lotus Sametime instant messaging application, Kosiur said.

That will put them somewhat behind dedicated SSL VPN suppliers such as Aventail.

"Cisco is providing what Aventail or Neoteris were offering nine months ago, so they will need to do some catch-up in terms of offering additional functionality," Kosiur said.

Nevertheless, the features Cisco is rolling into the 3000 Concentrator should cover around 80% of what companies use VPN for, he said.

For companies that have already invested in the 3000 Concentrator product or other Cisco hardware, that may be enough to convince IT purchasers to stay with the company for VPN as well, according to Zeus Kerravala, vice president of enterprise infrastructure at The Yankee Group.

Cisco scored at the top of a recent Yankee Group poll which asked network managers which SSL VPN supplier they would consider in the next 12 months, even though the company had not even announced its SSL VPN product when the poll was conducted, he said.

In addition, IPsec is still a widely accepted VPN technology, and even preferable for so-called "power users" who need remote access to more complicated network applications and legacy systems, Kosiur said.

Cisco's move to add both SSL VPN and IPsec on one device, at no extra cost, will put pressure on other VPN suppliers to do the same, he said.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy